

Python ruletypes.FlatlineRule類代碼示例

本文整理匯總了Python中elastalert.ruletypes.FlatlineRule的典型用法代碼示例。如果您正苦於以下問題:Python FlatlineRule類的具體用法?Python FlatlineRule怎麽用?Python FlatlineRule使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。


在下文中一共展示了FlatlineRule類的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Python代碼示例。

示例1: test_flatline_no_data

def test_flatline_no_data():
    """Check that a flatline rule fires even when it never receives an event.

    The rule is built with a 30-second timeframe and a threshold of 2 and is
    given no data at all. The first check records nothing; a later check,
    made after the timeframe has elapsed, records exactly one match.
    """
    config = dict(
        timeframe=datetime.timedelta(seconds=30),
        threshold=2,
        timestamp_field='@timestamp',
    )
    flatline = FlatlineRule(config)

    # First check with nothing ingested: no match is recorded.
    first_check = ts_to_dt('2014-09-26T12:00:00Z')
    flatline.garbage_collect(first_check)
    assert len(flatline.matches) == 0

    # NOTE(review): for monitoring, this is the case that covers a source
    # which was silent from the start rather than one that stopped later.
    # Second check, 35 minutes after the first and still without events.
    later_check = ts_to_dt('2014-09-26T12:35:00Z')
    flatline.garbage_collect(later_check)
    assert len(flatline.matches) == 1
開發者ID:kureus,項目名稱:elastalert,代碼行數:16,代碼來源:rules_test.py

示例2: test_flatline

def test_flatline():
    """Check that a flatline match appears only after the timeframe elapses.

    With a 30-second timeframe and a threshold of 2, neither adding events
    nor a check at 12:00:11 records anything; a check at 12:00:45 with no
    further data records exactly one match.
    """
    batch = hits(10)
    flatline = FlatlineRule({
        "timeframe": datetime.timedelta(seconds=30),
        "threshold": 2,
        "timestamp_field": "@timestamp",
    })

    # A single hit is below the threshold, but it must not produce a match
    # on its own: nothing is reported at ingestion time.
    flatline.add_data(hits(1))
    assert flatline.matches == []

    flatline.add_data(batch)

    # The check that would run once the hits have been processed.
    end_of_hits = ts_to_dt("2014-09-26T12:00:11Z")
    flatline.garbage_collect(end_of_hits)
    assert flatline.matches == []

    # The check that would run if a later query came back empty.
    empty_query_time = ts_to_dt("2014-09-26T12:00:45Z")
    flatline.garbage_collect(empty_query_time)
    assert len(flatline.matches) == 1
開發者ID:mesozoic,項目名稱:elastalert,代碼行數:19,代碼來源:rules_test.py

示例3: test_flatline_query_key

def test_flatline_query_key():
    """Check per-key flatline matching when ``use_query_key`` is enabled.

    Three keys each send one event. key3 then sends a second event while
    key1 and key2 stay quiet, so the next check reports key1 and key2. The
    check after that reports only key3.
    """
    config = {
        'timeframe': datetime.timedelta(seconds=30),
        'threshold': 1,
        'use_query_key': True,
        'query_key': 'qk',
        'timestamp_field': '@timestamp',
    }
    flatline = FlatlineRule(config)

    def keys_matched_at(stamp):
        # Keys of the matches whose '@timestamp' equals the given check time.
        return {m['key'] for m in flatline.matches if m['@timestamp'] == stamp}

    # Seed three separate query keys; ingestion alone reports nothing.
    flatline.add_data(hits(1, qk='key1'))
    flatline.add_data(hits(1, qk='key2'))
    flatline.add_data(hits(1, qk='key3'))
    assert flatline.matches == []

    # The check that would run once the hits have been processed.
    flatline.garbage_collect(ts_to_dt('2014-09-26T12:00:11Z'))
    assert flatline.matches == []

    # Fresh data for key3 only; adding it does not cause a match by itself.
    fresh_event = create_event(ts_to_dt('2014-09-26T12:00:20Z'), qk='key3')
    flatline.add_data([fresh_event])

    # key1 and key2 have had no new data, so both are reported here.
    check_time = '2014-09-26T12:00:45Z'
    flatline.garbage_collect(ts_to_dt(check_time))
    assert len(flatline.matches) == 2
    assert {'key1', 'key2'} == keys_matched_at(check_time)

    # On the next run only key3 is reported: the total goes from 2 to 3, so
    # key1 and key2 are not reported a second time (the original comment
    # says they have been forgotten by then).
    # NOTE(review): a key that stays silent is therefore reported once in
    # this scenario; downstream alerting should not rely on a repeat.
    check_time = '2014-09-26T12:01:20Z'
    flatline.garbage_collect(ts_to_dt(check_time))
    assert len(flatline.matches) == 3
    assert {'key3'} == keys_matched_at(check_time)
開發者ID:danielstorytel,項目名稱:elastalert,代碼行數:33,代碼來源:rules_test.py

示例4: test_flatline_count

def test_flatline_count():
    """Check flatline matching when the rule is fed counts instead of events.

    Each ``add_count_data`` call passes a one-entry dict mapping a timestamp
    to a count. The first two steps record no match; the third count, at
    00:00:35, records one match without a further ``garbage_collect`` call.
    """
    config = dict(
        timeframe=datetime.timedelta(seconds=30),
        threshold=1,
        timestamp_field='@timestamp',
    )
    flatline = FlatlineRule(config)

    # NOTE(review): these timestamps carry no zone suffix; how ts_to_dt
    # treats them is not visible in this example.
    # A count of 1 at 00:00:00, checked ten seconds later.
    first_bucket = {ts_to_dt('2014-10-11T00:00:00'): 1}
    flatline.add_count_data(first_bucket)
    flatline.garbage_collect(ts_to_dt('2014-10-11T00:00:10'))
    assert len(flatline.matches) == 0

    # A count of 0 at 00:00:15, checked at 00:00:20: still no match.
    second_bucket = {ts_to_dt('2014-10-11T00:00:15'): 0}
    flatline.add_count_data(second_bucket)
    flatline.garbage_collect(ts_to_dt('2014-10-11T00:00:20'))
    assert len(flatline.matches) == 0

    # Another count of 0 at 00:00:35: the match is present right after the
    # data is added.
    third_bucket = {ts_to_dt('2014-10-11T00:00:35'): 0}
    flatline.add_count_data(third_bucket)
    assert len(flatline.matches) == 1
開發者ID:danielstorytel,項目名稱:elastalert,代碼行數:13,代碼來源:rules_test.py

示例5: test_flatline

def test_flatline():
    """Walk a flatline rule through silence, recovery and silence again.

    With a 30-second timeframe and a threshold of 2, the test asserts the
    running number of matches after each check: none while data is recent,
    one per check while the source is quiet, none while data has resumed,
    and one more once the data has stopped again.
    """
    all_hits = hits(40)
    config = dict(
        timeframe=datetime.timedelta(seconds=30),
        threshold=2,
        timestamp_field='@timestamp',
    )
    flatline = FlatlineRule(config)

    # A single hit is below the threshold, but it must not produce a match
    # on its own: nothing is reported at ingestion time.
    flatline.add_data(hits(1))
    assert flatline.matches == []

    # First ten hits; the original comment gives their timestamps as
    # 2014-09-26T12:00:00 --> 2014-09-26T12:00:09.
    flatline.add_data(all_hits[0:10])

    # The check that would run once the hits have been processed.
    flatline.garbage_collect(ts_to_dt('2014-09-26T12:00:11Z'))
    assert flatline.matches == []

    # The check that would run if a later query came back empty.
    flatline.garbage_collect(ts_to_dt('2014-09-26T12:00:45Z'))
    assert len(flatline.matches) == 1

    # Five seconds on and still no events: a second match is added.
    flatline.garbage_collect(ts_to_dt('2014-09-26T12:00:50Z'))
    assert len(flatline.matches) == 2

    # Last ten hits; the original comment gives their timestamps as
    # 2014-09-26T12:00:30 --> 2014-09-26T12:00:39.
    flatline.add_data(all_hits[30:])

    # There is now data inside the last 30 seconds (the configured
    # timeframe), so this check adds no match.
    flatline.garbage_collect(ts_to_dt('2014-09-26T12:00:55Z'))
    assert len(flatline.matches) == 2

    # Once that window has passed with no more data, a third match is added.
    flatline.garbage_collect(ts_to_dt('2014-09-26T12:01:11Z'))
    assert len(flatline.matches) == 3
開發者ID:kureus,項目名稱:elastalert,代碼行數:39,代碼來源:rules_test.py

示例6: test_flatline_query_key

def test_flatline_query_key():
    """Check that a flatline rule tracks each query key separately.

    Three keys each send one event, then only key3 sends another. The check
    at 12:00:45 reports key1 and key2; the check at 12:01:20 reports key3
    alone.
    """
    flatline = FlatlineRule(
        {
            "timeframe": datetime.timedelta(seconds=30),
            "threshold": 1,
            "use_query_key": True,
            "query_key": "qk",
            "timestamp_field": "@timestamp",
        }
    )

    # One hit for each of three separate query keys; nothing is reported at
    # ingestion time.
    for key_name in ("key1", "key2", "key3"):
        flatline.add_data(hits(1, qk=key_name))
    assert flatline.matches == []

    # The check that would run once the hits have been processed.
    flatline.garbage_collect(ts_to_dt("2014-09-26T12:00:11Z"))
    assert flatline.matches == []

    # New data for key3 only; adding it does not cause a match by itself.
    key3_event = create_event(ts_to_dt("2014-09-26T12:00:20Z"), qk="key3")
    flatline.add_data([key3_event])

    # key1 and key2 have had no new data, so both are reported at this check.
    stamp = "2014-09-26T12:00:45Z"
    flatline.garbage_collect(ts_to_dt(stamp))
    assert len(flatline.matches) == 2
    reported = {m["key"] for m in flatline.matches if m["@timestamp"] == stamp}
    assert {"key1", "key2"} == reported

    # At the next check the total rises by one and only key3 carries this
    # timestamp, so key1 and key2 are not reported again (the original
    # comment says they have been forgotten).
    # NOTE(review): a key that stays silent is reported once in this
    # scenario; an alerting pipeline should not rely on a repeat.
    stamp = "2014-09-26T12:01:20Z"
    flatline.garbage_collect(ts_to_dt(stamp))
    assert len(flatline.matches) == 3
    reported = {m["key"] for m in flatline.matches if m["@timestamp"] == stamp}
    assert {"key3"} == reported
開發者ID:mesozoic,項目名稱:elastalert,代碼行數:35,代碼來源:rules_test.py

示例7: test_flatline_count

def test_flatline_count():
    """Check flatline matching driven by ``add_count_data``.

    Two count buckets, each followed by a check, record no match. A third
    bucket with a count of 0 at 00:00:35 records one match as soon as it is
    added, with no further ``garbage_collect`` call.
    """
    flatline = FlatlineRule(
        {
            "timeframe": datetime.timedelta(seconds=30),
            "threshold": 1,
            "timestamp_field": "@timestamp",
        }
    )

    # (bucket timestamp, count, check timestamp) for the steps that must
    # stay quiet.
    # NOTE(review): these timestamps carry no zone suffix; how ts_to_dt
    # treats them is not visible in this example.
    quiet_steps = (
        ("2014-10-11T00:00:00", 1, "2014-10-11T00:00:10"),
        ("2014-10-11T00:00:15", 0, "2014-10-11T00:00:20"),
    )
    for bucket_ts, count, check_ts in quiet_steps:
        flatline.add_count_data({ts_to_dt(bucket_ts): count})
        flatline.garbage_collect(ts_to_dt(check_ts))
        assert len(flatline.matches) == 0

    # The third bucket is the one that produces the match.
    flatline.add_count_data({ts_to_dt("2014-10-11T00:00:35"): 0})
    assert len(flatline.matches) == 1
開發者ID:mesozoic,項目名稱:elastalert,代碼行數:11,代碼來源:rules_test.py


注:本文中的elastalert.ruletypes.FlatlineRule類示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。